ME businesses exposed to new breed of DDoS tactics

Industry News

22 Sep 2015

Disruptive DDoS attacks that distract IT security staff and allow hackers to install malware are becoming more common, a new study warns.

A new wave of Distributed Denial-of-Service (DDoS) attacks that can do much more than simply knock a business' website offline could be exposing many organisations in the Middle East to problems such as data breaches and malware.

This is according to a new report from Neustar, which noted cyber criminals are changing their tactics, taking advantage of smaller, more frequent DDoS attacks to keep security professionals distracted while they install malware in order to steal valuable trade secrets or personal data.

Half of companies in Europe, the Middle East and Africa (EMEA) experienced a DDoS incident in 2014 and early 2015, with four-fifths of these suffering multiple attacks over the period and 54 per cent being targeted six times or more.

The most immediate problems caused by such incidents are related to downtime, loss of business and brand reputation. More than 40 per cent of DDoS attacks lasted more than 24 hours, with one in ten continuing for a week.

As a result, 40 per cent of companies in the EMEA region reported losses greater than €100,000 per hour of downtime for DDoS attacks occurring in peak times.

But the problems do not end when services are back up and running. More than a third of executives (36 per cent) discovered malware installed on their systems in the wake of an incident, while a quarter found data or funds had been stolen.

Such problems are particularly prevalent in the financial services sector, where 43 per cent of attacks left malware or viruses behind.

One factor that is making this a growing problem is that such attacks do not have to be large-scale to be disruptive. The survey noted 53 per cent of DDoS attacks aimed at financial services firms were less than 5Gbps in strength.

As hacker groups rent out botnets for such activities for as little as €5.29 a month, it is very easy for criminals to conduct such an attack.

Mark Tonnesen, chief information officer and chief security officer at Neustar, observed that if an attacker's goal is to disrupt operations, rather than cause an outage, they do not need an attack of extra-large proportions.

"In launching such an attack, the attacker accomplishes several things: he disrupts operations, distracts the website and security teams, and makes sure the target network is still operational - that is to say, accessible," he said. "Now the attacker can go in and plant malware or a virus, setting the stage for data theft, siphoning funds, or whatever else."